Metasploit mailing list archives

Re: Shikata_ga_nai evasion...


From: John Biondolillo <johnb.electric () gmail com>
Date: Thu, 18 Mar 2010 10:38:02 -0400

I've been able to bypass AVs by writing my own loader: not my own template
file, but actually a small program that injects shellcode into memory. So I
use msfpayload to output to C, then copy the shellcode into my own loader and
compile, and I'm AV free. The other thing you should watch out for is that unless
the online scanner has an option to not submit the sample, once you upload
something it is submitted to the AV vendors, and then they will create
signatures for it, so I don't upload anything I want to keep undetected.

So to review, the only way to be 100% undetected is to write your own stuff.
Using something that's out there in the public will never be 100%
undetectable.
The best skill I've ever learned is programming. You don't need to be an
expert, but with a little knowledge you don't have to rely on other people to
make undetectable tools; you can make your own.


John